VAR-200210-0081
Vulnerability from variot - Updated: 2025-04-03 22:16Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext. The 1100 series routers are a broadband connectivity solution distributed by Telindus. Under some circumstances, a vulnerable Telindus router may leak sensitive information. When an attempt to connect to the router is made using the administrative software, the router sends the password to the client in plain text. This packet is sent via UDP. **The vendor has released firmware version 6.0.27, dated July 2002. Reports suggest that this firmware does not adequately protect against this vulnerability. The firmware is reported to use an encrypted UDP packet when connecting to the router. However, the firmware uses a weak encryption scheme and thus it is easily circumvented by an attacker. A design vulnerability in the Telindus 1100 series routers could allow a remote attacker to obtain administrator password information. Telindus 1100 series routers provide a management software, which can be downloaded from Telindus website for free, and can be used to remotely manage routers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200210-0081",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "adsl router",
"scope": "eq",
"trust": 1.9,
"vendor": "telindus",
"version": "1120"
},
{
"model": "adsl router",
"scope": "eq",
"trust": 1.9,
"vendor": "telindus",
"version": "1110"
},
{
"model": "adsl router .21b",
"scope": "eq",
"trust": 0.3,
"vendor": "telindus",
"version": "11206.0"
}
],
"sources": [
{
"db": "BID",
"id": "4946"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-219"
},
{
"db": "NVD",
"id": "CVE-2002-0949"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "finelli@ieee.org\u203b\u003efinelli@ieee.org\u003c/a\u003e\u203b finelli@ieee.org",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-219"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0949",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0949",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5338",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0949",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200210-219",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5338",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5338"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-219"
},
{
"db": "NVD",
"id": "CVE-2002-0949"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router\u0027s password and other sensitive information in cleartext. The 1100 series routers are a broadband connectivity solution distributed by Telindus. \nUnder some circumstances, a vulnerable Telindus router may leak sensitive information. When an attempt to connect to the router is made using the administrative software, the router sends the password to the client in plain text. This packet is sent via UDP. \n**The vendor has released firmware version 6.0.27, dated July 2002. Reports suggest that this firmware does not adequately protect against this vulnerability. The firmware is reported to use an encrypted UDP packet when connecting to the router. However, the firmware uses a weak encryption scheme and thus it is easily circumvented by an attacker. A design vulnerability in the Telindus 1100 series routers could allow a remote attacker to obtain administrator password information. Telindus 1100 series routers provide a management software, which can be downloaded from Telindus website for free, and can be used to remotely manage routers",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0949"
},
{
"db": "BID",
"id": "4946"
},
{
"db": "VULHUB",
"id": "VHN-5338"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5338",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5338"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0949",
"trust": 2.0
},
{
"db": "BID",
"id": "4946",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200210-219",
"trust": 0.7
},
{
"db": "XF",
"id": "9277",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020605 SOME VULNERABILITIES IN THE TELINDUS 11XX ROUTER SERIES",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21513",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5338",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5338"
},
{
"db": "BID",
"id": "4946"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-219"
},
{
"db": "NVD",
"id": "CVE-2002-0949"
}
]
},
"id": "VAR-200210-0081",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5338"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:16:54.316000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0949"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4946"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9277.php"
},
{
"trust": 0.3,
"url": "http://www.telindus.com/"
},
{
"trust": 0.3,
"url": "/archive/1/304670"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5338"
},
{
"db": "BID",
"id": "4946"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-219"
},
{
"db": "NVD",
"id": "CVE-2002-0949"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5338"
},
{
"db": "BID",
"id": "4946"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-219"
},
{
"db": "NVD",
"id": "CVE-2002-0949"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-04T00:00:00",
"db": "VULHUB",
"id": "VHN-5338"
},
{
"date": "2002-06-05T00:00:00",
"db": "BID",
"id": "4946"
},
{
"date": "2002-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-219"
},
{
"date": "2002-10-04T04:00:00",
"db": "NVD",
"id": "CVE-2002-0949"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5338"
},
{
"date": "2009-07-11T13:56:00",
"db": "BID",
"id": "4946"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200210-219"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0949"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-219"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Telindus 1100 ADSL Router Administrator Password Disclosure Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200210-219"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "4946"
},
{
"db": "CNNVD",
"id": "CNNVD-200210-219"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…